[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-devel
Subject: [Bug 6797] New: lower score for combined RCVD_IN_SORBS_HTTP and RCVD_IN_SORBS_SOCKS hits
From: bugzilla-daemon () bugzilla ! spamassassin ! org
Date: 2012-05-18 15:44:12
Message-ID: bug-6797-26 () https ! issues ! apache ! org/SpamAssassin/
[Download RAW message or body]
--1337355854.dd135aC80.70318
Date: Fri, 18 May 2012 15:44:14 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6797
Priority: P2
Bug ID: 6797
Assignee: dev@spamassassin.apache.org
Summary: lower score for combined RCVD_IN_SORBS_HTTP and
RCVD_IN_SORBS_SOCKS hits
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: uhlar@fantomas.sk
Hardware: PC
Status: NEW
Version: unspecified
Component: Rules
Product: Spamassassin
rules RCVD_IN_SORBS_HTTP and RCVD_IN_SORBS_SOCKS seem to hit in together too
often, at least here:
% grep -Fh ']: spamd: result: ' /var/log/today/courier | grep -e
RCVD_IN_SORBS_HTTP -e RCVD_IN_SORBS_SOCKS | awk ' /RCVD_IN_SORBS_HTTP/ &&
/RCVD_IN_SORBS_SOCKS/ { both++} END {print NR, both;}'
12 12
% grep -Fh ']: spamd: result: ' /var/log/yesterday/courier | grep -e
RCVD_IN_SORBS_HTTP -e RCVD_IN_SORBS_SOCKS | awk ' /RCVD_IN_SORBS_HTTP/ &&
/RCVD_IN_SORBS_SOCKS/ { both++} END {print NR, both;}'
3 3
They both have similar scores about 2.5 in network&!bayes set.
I propose small score fix, so they together don't puth too hard:
meta SORBS_SOCKS_HTTP (RCVD_IN_SORBS_HTTP && RCVD_IN_SORBS_SOCKS)
describe SORBS_SOCKS_HTTP fix for HTTP&SOCKS proxies in SORBS (usually come
together)
score SORBS_SOCKS_HTTP 0 -2 0 0
Note they are both used in deep scanning, so this indicated that proxies are
often open for both HTTP and SOCKS, but mail from such hosts may be valid and
relayed through spam filtering MTAs.
--
You are receiving this mail because:
You are the assignee for the bug.
--1337355854.dd135aC80.70318
Date: Fri, 18 May 2012 15:44:14 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
<html>
<head>
<base href="https://issues.apache.org/SpamAssassin/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - lower score for combined RCVD_IN_SORBS_HTTP and RCVD_IN_SORBS_SOCKS hits"
href="https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6797">6797</a>
</td>
</tr>
<tr>
<th>Assignee</th>
<td>dev@spamassassin.apache.org
</td>
</tr>
<tr>
<th>Summary</th>
<td>lower score for combined RCVD_IN_SORBS_HTTP and RCVD_IN_SORBS_SOCKS hits
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Reporter</th>
<td>uhlar@fantomas.sk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Component</th>
<td>Rules
</td>
</tr>
<tr>
<th>Product</th>
<td>Spamassassin
</td>
</tr></table>
<p>
<div>
<pre>rules RCVD_IN_SORBS_HTTP and RCVD_IN_SORBS_SOCKS seem to hit in together too
often, at least here:
% grep -Fh ']: spamd: result: ' /var/log/today/courier | grep -e
RCVD_IN_SORBS_HTTP -e RCVD_IN_SORBS_SOCKS | awk ' /RCVD_IN_SORBS_HTTP/ &&
/RCVD_IN_SORBS_SOCKS/ { both++} END {print NR, both;}'
12 12
% grep -Fh ']: spamd: result: ' /var/log/yesterday/courier | grep -e
RCVD_IN_SORBS_HTTP -e RCVD_IN_SORBS_SOCKS | awk ' /RCVD_IN_SORBS_HTTP/ &&
/RCVD_IN_SORBS_SOCKS/ { both++} END {print NR, both;}'
3 3
They both have similar scores about 2.5 in network&!bayes set.
I propose small score fix, so they together don't puth too hard:
meta SORBS_SOCKS_HTTP (RCVD_IN_SORBS_HTTP && RCVD_IN_SORBS_SOCKS)
describe SORBS_SOCKS_HTTP fix for HTTP&SOCKS proxies in SORBS (usually come
together)
score SORBS_SOCKS_HTTP 0 -2 0 0
Note they are both used in deep scanning, so this indicated that proxies are
often open for both HTTP and SOCKS, but mail from such hosts may be valid and
relayed through spam filtering MTAs.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>
--1337355854.dd135aC80.70318--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic